220 likes | 338 Views
Performance Evaluation of Public Key Cryptosystems Advisor: Dr.Jens Peter Kaps. Project Team: Rakesh Malireddy Rohan Malewar Vasunandan Peddi Vijay Koneru. Introduction to NTRU. Introduced in 1998 by Jeffrey Hoffstein, Jill Pipher and Joseph Silverman
E N D
Performance Evaluation of Public Key CryptosystemsAdvisor: Dr.Jens Peter Kaps Project Team: Rakesh Malireddy Rohan Malewar Vasunandan Peddi Vijay Koneru
Introduction to NTRU • Introduced in 1998 by Jeffrey Hoffstein, Jill Pipher and Joseph Silverman • First public-key algorithm not based on either integer factorization or the discrete logarithm problem • It promises efficient performance combined with robust security • NTRU’s creators claim that it is resistant to parallel processing attacks and that this fact, combined with its disposable key technology, considerably reduces the risk of power attacks, timing attacks and security breaches due to lost or intercepted keys
What is NTRU? • NTRU is nth degree truncation. • A public key algorithm where a key pair(public and private key) is generated using complicated mathematical functions. • The concept of NTRU lies in the ring of truncated polynomials of degree N-1 with integer coefficients. So, instead of using prime numbers we use a polynomial rings such as a = a0 + a1X + a2X2 + … + aN-2XN-2 + aN-1XN-1
NTRU Key Generation • Compute a random polynomial ‘f’ that has ‘p1’ co-effecients equal to 1 and ‘m1’ co-effecients equal to –1 (p1 and m1 are inputs from the user) • Compute the inverse of ‘f’ with mod p (fp) such that f * fp = 1 (mod p) • If fp does not exist then perform the above step again. • Compute the inverse of ‘f’ with mod q (fq) such that: f * fq = 1 (mod q) • If fq does not exist then return to step 2. • Compute the value of h such that: h = pfq * g (mod q) • The NTRU private key is (f, fp) and the public key is h. where, N - Polynomials in ring R have degree equal to N-1 p - The small modulus q - The large modulus
NTRU Encryption & Decryption • Encryption: The message to be sent must first be expressed in the form of a polynomial whose co-effecients are chosen modulo p.The message can then be encrypted as follows: • Generate a random polynomial ‘r’ that has ‘dr’ co-effecients equal to 1 and ‘dr-1’ coeffecients equal to -1 • Compute polynomial E such that E=r*h + M(mod q) • E is the encrypted message • Decryption: The original message can be recovered by : • Compute a such that a=f*E(mod q) • Compute b such that b= a mod p • Compute M such that M=fp*b (mod p)
Calculating Inverse of a Polynomial • To compute the inverse of a (mod m): Let d = a, u = 1, v1 = 0, v3 = XN – 1 • While v3 ≠ 0, iterate the following: Compute q and t3 such that d = v3 * q + t3 (mod p) and the degree of t3 is less than the degree of v3. (This is polynomial long division, a complex algorithm in itself.) t1 = u – q * v1 u = v1 d = v3 v1 = t1 v3 = t3 • If the degree of d is greater than 0, the inversion has failed (i.e. a is not invertible (mod p) or (mod m)) EXIT • Let c = d0-1u (mod p) (where d0 is the constant term in the polynomial d). • If r > 1: Let q = p. • While q < m, iterate the following: x = c * c (mod m) x = a * x (mod m) c = 2c – x (mod m) q= q2 • Return c (mod m).
Implementation • The code to implement NTRU is written using the C language.Different functions were written to implement the different functionalities. • Polynomial multiplication When calculating the cipher text, E=r*h+M(mod q), we pass the polynomials that we have to multiply as arguments to the function and the result is the product of the two polynomials • Polynomial division This function is used to calculate q and t3 when a and b are known in the equation a=b*q+t3 (mod p) • Polynomial Inverse This function determines whether or not the inverse of the polynomial can be computed or not • Key Creation • Key Encryption • Key Decryption
How NTRU works? • a = f*e (mod q) = f*(r*h + m) (mod q) [since e = r*h + m (mod q)] = f*(r*pfq*g + m) (mod q) [since h = pfq*g (mod q)] = pr*g + f*m (mod q) [since f*fq= 1(mod q)]p , r , g , f , m are already in the (–q/2,q/2) range. So 'a' reducing again to 'q' would not effect anything • b = f*m (mod p) • So Bob's final step is to multiply b by fp and use the fact that fp*f = 1 (mod p) to computed = fp* b = fp* f*m = m (mod p) • This allows him to recover Alice's message ‘m’
XTR • XTR can be used in any cryptosystem that relies on discrete logarithm problem • XTR public key Data is ( P,Q,Tr(g))
Selection of ‘q’ int generate_q( bigint &q, bigint &r, const int q_bit_length, const int n_prime_tests){ int cnt; bigint r_max; cnt=0; power(r_max,2,q_bit_length/2+1); do{ r.randomize(r_max); q=r*r-r+1; cnt++; }while(q.bit_length()!=q_bit_length ||! is_prime(q,n_prime_tests)); return cnt
Selection of ‘p’ int generate_p( bigint &p, const bigint &q, const bigint &r, const int n_prime_tests) { int k k=0; p=r; do { k++ p+=q; } while(remainder(p,3)!=2 || ! is_prime(p,n_prime_tests)); return k; }
Computation of Trace Group • Tr(h) = h+hp2+hp4 • Trace belongs to GF(p2) • The trace group is represented by Sn
Computation of Trace Group • Sn(c) = (cn−1, cn, cn+1) belongs toGF(p2)3 • Sn(Tr(g)) = (Tr(gn−1), Tr(gn), Tr(gn+1))
LiDIA Library • Mathematical library used in XTR program • bigint • bigmod
Results Level of Security NTRU XTR • Standard 167 bits 85 bits • High 263 bits 170 bits • Highest 503 bits 340 bits
Observations • Key Generation: • XTR outperforms NTRU marginally at Standard security level • At High security level XTR outperforms NTRU approximately by a factor of 1.5
Observations • Encryption: • NTRU outperforms XTR by a large factor due to exponentiation function in the XTR • On going for higher security levels, the above factor reduces marginally
Observations • Decryption: • NTRU outperforms XTR • XTR has same encryption as NTRU on a high level security and on a platform with limited resources like PC
Problems Faced • NTRU: • Performing long division method while calculating inverse • Performing mod function when p=3 • XTR: • Implementation of Library routine • Implementation of encryption function